I have two AX3000, I want to have an HA active-active deployment. Is this possible in Large Scale NAT implementation? If that so, can you give me some example configuration.
That's indeed also possible with LSN implementation. And the configuration is the very same as what you did on your SLB active-active deployment. You simply configure: . HA with preempt . 2 HA groups with different priorities => AX1 is active on 1 group and standby on the other group . 2 HA Floating VIP => each device receives the traffic it's supposed to receive
Can you please elaborate your question? LSN will not allow VIP in the configuration. The way LSN works is by selecting an IP address from the NAT pool and using it as a source for the session(outbound connection).
What I mean is, floating IP for my outside interface. Like I said, I have two AX3000 and I want to have active-active deployment. One AX is deployed to my main site and one AX is deployed to other site, and I have a dedicated link to connect each AX for the HA interface.
Looking at your diagram, it does not seem like the two boxes can be in HA. If box 1 touches the outside and box 2 only touch in the inside, they are really more like 2 stand alone boxes. You have single points of failure. Maybe I just don't understand your diagram.
Agreed, I can't see how HA is achieved with the sample topology. Also, it's unclear what sorts of failures you are trying to protect against.
For the floating IP to work effectively, the AX devices need to share the same L2 domain that you want the floating IP to be on. From the diagram, it looks like the core switches need to be connected. This would allow trunking of both the internal and external VLANs the AX's are connecting to.
Yes, you are right dtidwell. I just forgot to put a link in two core switch in my diagram, but they are in L2 mode. All the vlans from Main office are extended to the branch office, and vice versa.
Comments
That's indeed also possible with LSN implementation.
And the configuration is the very same as what you did on your SLB active-active deployment.
You simply configure:
. HA with preempt
. 2 HA groups with different priorities => AX1 is active on 1 group and standby on the other group
. 2 HA Floating VIP => each device receives the traffic it's supposed to receive
I attached a config sample as example.
Dimitri
Do I need also a VIP for my outside interface?
Thanks,
Can you please elaborate your question? LSN will not allow VIP in the configuration. The way LSN works is by selecting an IP address from the NAT pool and using it as a source for the session(outbound connection).
Regards,
Genard
What I mean is, floating IP for my outside interface. Like I said, I have two AX3000 and I want to have active-active deployment. One AX is deployed to my main site and one AX is deployed to other site, and I have a dedicated link to connect each AX for the HA interface.
I have attached a sample topology.
Thanks,
Dannel
For the floating IP to work effectively, the AX devices need to share the same L2 domain that you want the floating IP to be on. From the diagram, it looks like the core switches need to be connected. This would allow trunking of both the internal and external VLANs the AX's are connecting to.
Now I'm getting the idea.
Thanks,
Dannel